Data Breaches (905A/20)
Request
Under the provisions of the Freedom of Information Act I would like the following information:
1. The number of times for the following years, 2020, 2019, 2018, 2017, 2016, the force has recorded data breaches.
Please breakdown by year and state the number of people whose details were affected and if possible within the cost limit, details of the circumstances of the breach.
2. Please give details of the data breach where the most people’s details have been compromised.
3. a) How many times for the following years, 2020, 2019, 2018, 2017, 2016, have documents, data, notebooks, files, memory sticks or any other form of data been stolen from the force.
Please state the circumstances of each theft and what was stolen, eg document, notebook, memory stick.
b) Specifically how many times for the following years, 2020, 2019, 2018, 2017, 2016, have documents, data, notebooks, files, memory sticks or any other form of data been stolen
from a police vehicle or officer’s vehicle owned by the force (eg company car)
- How many times for the following years, 2020, 2019, 2018, 2017, 2016, have documents, data, notebooks, files, memory sticks or any other form of data been lost.
Please state the circumstances of each loss and what went missing, eg document, notebook, memory stick.
If this request is over the cost limit please start again from 2017, if it is still too costly then please search for information for the years 2018-2020.
Response
Our data are not organised in such a way as to allow us to provide this information within the appropriate (cost) limit within the Freedom of Information (FOI) Act (see ‘Reason for Decision’ below).
Although excess cost removes the force’s obligations under the Freedom of Information Act, as a gesture of goodwill I have supplied information, relative to your request, retrieved before it was realised that the fees limit would be exceeded (see attached). I trust this is helpful, but it does not affect our legal right to rely on the fees regulations for the remainder of the request.
REASON FOR DECISION
Please note that researching each individual case would exceed the appropriate limit (FOIA, s.12). Our data supplier only has access to records from 2018, therefore they have limited their responses to start at that year. They are unable to provide the level of detail requested in the time period. There are 707 files in the folders for the 3 years they can cover. Each file will require an average of 10 minutes to view, comprehend and then write a precis of the event (or discard it as not relevant to the request). It should be noted that we store ALL incident logs in the same folders, including data breaches and near misses but also including other non-data related events. I need to read each of them to be sure what is relevant and what is not.
The cost of compliance with the whole of your request is above the amount to which we are legally required to respond, i.e. the cost of locating and retrieving the information would exceed the appropriate costs limit under section 12(1) of the FOI Act 2000. For West Midlands Police, the appropriate limit is set at £450, as prescribed by the Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004, S.I. 3244.